Could you try deleting the Listener for the Windows Log files and recreate it?
After that, reboot your server and see if they start logging after 10 minutes of running.
Hosts dropped to 1
Re: Hosts dropped to 1
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Hosts dropped to 1
Where would that be located?
Re: Hosts dropped to 1
Click on "Administration", "Global Configuration" if where the inputs are defined.
You should see one in there called "Windows Event Log (Default)"
Lets try and disable it by clicking on the "Active" button next to it to make it Inactive.
Now click in the "Add Input" button, "Custom" and create a new input called "New Windows Event Log" and past this in to the field.
Click "Save and Apply"
Try that and see if that works for you.
You should see one in there called "Windows Event Log (Default)"
Lets try and disable it by clicking on the "Active" button next to it to make it Inactive.
Now click in the "Add Input" button, "Custom" and create a new input called "New Windows Event Log" and past this in to the field.
Code: Select all
tcp {
type => 'eventlog'
port => 3515
codec => json {
charset => 'CP1252'
}
}
Try that and see if that works for you.
You do not have the required permissions to view the files attached to this post.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Hosts dropped to 1
That seems to have no change, I'm still not receiving any logs and showing only one host.
Re: Hosts dropped to 1
Could you run this and post the output?
Code: Select all
service iptables status
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Hosts dropped to 1
I turned off the firewall, I can turn it back on if needed, but it wasn't working before I turned it off either:
iptables: Firewall is not running.
iptables: Firewall is not running.
Re: Hosts dropped to 1
The firewall being off is OK for now.
Can you go to "Administration", "Cluster Status" and show us a screen capture of that?
Can you go to "Administration", "Cluster Status" and show us a screen capture of that?
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Hosts dropped to 1
See Attached.
You do not have the required permissions to view the files attached to this post.
Re: Hosts dropped to 1
With the firewall down, you can issue this query to the backend of logserver:
and show us a screen shot, it should look something like this:
s:
send us the output of that screen. Thanks.
Code: Select all
http://192.168.4.55:9200/_plugin/head/
s:
send us the output of that screen. Thanks.
You do not have the required permissions to view the files attached to this post.